Configure FlexConfig Objects
Use FlexConfig objects to define a configuration to be deployed to a device. Each FlexConfig policy is composed of a list of FlexConfig objects, so the objects are essentially code modules composed of Apache Velocity scripting commands, ASA software configuration commands, and variables.
There are several predefined FlexConfig objects that you can use directly, or you can make copies if you need to edit them. You can also create your own objects from scratch. A FlexConfig object’s content can range from a single simple command string to elaborate CLI command structures that use variables and scripting commands to deploy commands whose content can differ from device to device or deployment to deployment.
You can also create FlexConfig policy objects when defining FlexConfig policies.
Before you begin
Keep the following in mind:
-
FlexConfig objects translate into commands that are then deployed to the device. These commands are already issued in global configuration mode. Therefore, do not include the enable and configure terminal commands as part of the FlexConfig object.
-
Determine what types of variables you will need, and create any policy objects that you will require. You cannot create objects for variables while editing a FlexConfig object.
-
Ensure that your commands do not conflict in any way with the VPN or access control configuration on the devices.
-
If there is more than one set of commands for an interface, only the last set of commands is deployed. Therefore, we recommend you not use beginning and ending commands to configure interfaces. For an example of configuring interfaces, see the ISIS_Interface_Configuration predefined FlexConfig object.
Procedure
Step 1 | Choose . | ||
Step 2 | Choose from the list of object types. | ||
Step 3 | Do one of the following:
| ||
Step 4 | Enter a Name and optionally, a description for the object. | ||
Step 5 | In the object body area, enter the commands and instructions to produce the required configuration. The object content is a sequence of scripting commands and configuration commands that generate a valid ASA software command sequence. The FTD device uses ASA software commands to configure some features. For more information on scripting and configuration commands, see: You can use variables to supply information that can be known only at runtime, or which can differ from device to device. You simply type in processing variables, but you must use the Insert menu to add variables that are associated with policy objects or system variables, or which are secret keys. For a complete discussion of variables, see FlexConfig Variables.
| ||
Step 6 | Choose the deployment frequency and type.
| ||
Step 7 | (Optional.) Click Validate above the object body to check the integrity of the script. The object is always validated when you click Save. You cannot save an invalid object. | ||
Step 8 | Click Save. |
What to do next
-
If an active policy references your object, deploy configuration changes;; see Deploy Configuration Changes in the ; see Deploy Configuration Changes.